The leading cause of privacy breaches in New Zealand

What is a Privacy Breach?

Breaches of privacy are defined as when an organisation or individual provides unauthorised or accidental access or discloses, alters, loses/destroys someone’s personal information.

Reporting serious breaches of privacy became a legal requirement in December 2020. In the 11 months following the announcement, there has been an increase of almost 300 percent reporting compared to the same timeframe the previous year.


privacy breaches reported per month
source: Privacy Commissioner


The leading cause of privacy breaches in New Zealand is human error.


Causes of Privacy Breaches

causes of privacy breaches
source: Privacy Commissioner

There are five causes of breach categories. These are Human error, Malicious attack, Theft, System Error, and Other. The leading cause of privacy breaches has been human error (61 percent).

According to a report published by the Office of the Privacy Commissioner (OPC), “the most common type of human error causing privacy breaches is email error” which accounts for over a quarter of the breaches.

Email error is preventable with good systems in place and training around company processes. “Other types of human error include accidental disclosure of sensitive personal information, data entry errors, confidently breaches, redaction errors, postal and courier errors” states the OPC’s report.


Privacy Breaches Resulting in Serious Harm

While only breaches that have or have the potential to cause serious harm need to be reported, the OPC recommends erring on the side of caution and if in doubt, report your privacy breach. A third of all privacy breaches reported in the 11 months since the mandating have met the threshold of serious harm.

There are ten types of harm recognised by the OPC. 35 percent of serious breaches reported between December 2020 and October 2021 involved emotional harm – the most common.

Beaches in privacy can be seen across all sectors, from private to non-profit, and in a wide range of industries as well. Most organisations in New Zealand are holding kiwis’ personal information in some form. It is their responsibility to ensure it is kept secure at all times.


Privacy Breach Notification Timeframe

Privacy Commissioner John Edwards has emphasised that timely privacy breach notification is a mandatory obligation. “In June this year, we set out our expectations around the timeliness of privacy breach notification clear. A notifiable breach should be reported to us no later than 72 hours after an agency has become aware of it.”

Even with this expectation in place less than half of all serious breach notifications are being made within the 72-hour timeframe. The OPC has created a tool that allows you to report privacy breaches. The NotifyUs tool on their website allows you to notify their office of any breaches and then update the notification as more information becomes available.

This enables breaches to be brought forward as soon as you are aware of them, giving the OPC more time to support you in reducing potential harm to affected individuals.

The NotifyUs tool also offers a “Privacy breach self-assessment” tool. The tool is completely anonymous and aims to guide you in deciding if the breach meets the threshold for being reported or not.

Failure to report a serious privacy breach is a criminal offense that may result in a fine of up to $10,000.

Resource Centre

Your guide to background checks

Download the guide to understand:

  • Which background checks to run
  • Why run them
  • What they show
  • Who the issuing authority in New Zealand is

Please note that MyChecks is closing at the end of 2023

We would like to thank you for your support over the past 3 years.

Key dates:
– Last day for requesting a check is Friday 22nd December 2023
– Last day to access and download your checks Friday 19 January 2024

We understand that you will need to find an alternate supplier to complete your background checks. We recommend Checkmate, a NZ based background checking business. You can find them at
Download Your Guide To Background Checks